Red Hat Bugzilla – Bug 463296
[LTC 6.0 FEAT] 201317:File Capabilities - Userspace
Last modified: 2015-01-22 10:29:04 EST
Emily J. Ratliff <email@example.com> - 2008-09-16 18:26 EDT
1. Feature Overview:
Feature Id: 
a. Name of Feature: File Capabilities - Userspace
b. Feature Description
File capabilities allow an administrator to mark files with POSIX capabilities. When a process is
instantiated from binary, it receives the capabilities with which the on-disk file is marked.
Binaries that would normally require setuid permission can be given only the capabilities required.
The classic example is the ping program. Normally it is setuid because it requires CAP_NET_RAW. With
file capabilities, the binary can be marked on disk as requiring CAP_NET_RAW and no longer needs to
be made setuid. See
http://www.ibm.com/developerworks/library/l-posixcap.html?ca=dgr-lnxw01POSIX-capabilities for more
details. The libcap-2 packages is required for userspace support of the kernel feature.
Additional Comments: Setting status to green.
2. Feature Details:
Sponsor: LTC Security
Arch Specificity: Purely Common Code
Affects Toolchain: Yes
Affects Core Kernel: Yes
Delivery Mechanism: Direct from community
Request Type: Package - Feature from Upstream
d. Upstream Acceptance: Accepted
Sponsor Priority 1
f. Severity: High
IBM Confidential: no
Code Contribution: IBM code
g. Component Version Target: >= libcap-2.04. See
3. Business Case
Finer grained control over executable capabilities reduces the danger binaries as they no longer
need to be made setuid and only required capabilities can be given to the process. This will
increase customer security and give Linux a competitive advantage over Windows and Solaris.
4. Primary contact at Red Hat:
5. Primary contacts at Partner:
Project Management Contact:
Mounir Bsaibes, firstname.lastname@example.org, 512-838-1301
George Wilson, email@example.com
Serge Hallyn, firstname.lastname@example.org
Bryan Jacobson, email@example.com
This version of libcap is already in Fedora 10, so this should not be an issue. Note that further integration and actually using fs capabilities in shipped packages is unfinished work.
Please note that more than just libcap-2 is needed. We need rpm to support capabilities so that it can be decided in the spec file what they should be. We also need user space tools updated to consider files with security extended attributes to be privileged. We have a tracker bug #449984 that we have been working over the last few months. There is a lot of resistance from the community for this feature as noted in bug #455713 where we tried to get setuid removed from ping.
For the record, support for capabilities was recently added to rpm upstream. It's not in any released version yet but that can be expected to change in time for RHEL 6.
As noted in comment #5, userspace file capabilties support is enabled in F10.
Fixed in 'libcap-2.16-5.el6', included in compose 'RHEL6.0-20091106.0'.
Moving to ON_QA.
------- Comment From firstname.lastname@example.org 2010-05-20 09:12 EDT-------
After 'yum install libcap-devel', the ltp filecaps testcase compile, runs, and passes.
[root@ibm-x3950m2-02 6]# pwd
[root@ibm-x3950m2-02 6]# find -name "libcap-2*"
see also comment #7
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.